#1 Key Internet operator VeriSign hit by hackers, by Joseph Menn


The security breaches at VeriSign, Inc. shocked security experts worldwide after they were made public under the new SEC rules. The breaches occurred in 2010, but even the company’s top management did not know about them until September 2011. IT security at VeriSign is of paramount importance: until August 2010 it was the largest provider of Secure Sockets Layer (SSL) certificates. These certificates separate “fake” websites from legitimate ones. Whenever one sees “https” in the browser, one can assume that the personal and financial information typed in is secured. Thus, creating fake certificates allows hackers to steal valuable information.

The details of the breaches, except those disclosed in the SEC filing, are unknown. The company’s representatives say that they do not think that SSL technology was compromised, but they do not say it firmly. The article also mentions similar attacks on RCA, which also provides secure authentication services. No doubt, attacks on the companies that are core providers of secure internet connections are a very big deal and may put all business transactions at serious risk. I think that it is also very bad that the top management did not find out about the security breaches in time.

#2 Security Breach: Lost Data Cartridges May Have Exposed Personal Records From California's Child Support System, by Shaya Tayefe Mohajer


Even very respectable and experienced organizations can be subject to a quite trivial security breach. For example, IBM and its contractor, Iron Mountain Inc., lost about 800,000 records about adults and children. The breach occurred because four special data cartridges were simply lost in the mail during an emergency simulation exercise. It was reported that the container which stored the cartridges was not secured properly, and the cartridges “spilled out” and were lost somewhere between Sacramento, Ca., and Boulder, Co. The cartridges were actually lost by FedEx, which Iron Mountain used for the air shipping.

This case is an example of a security breach involving equipment that is taken off premises. Because Iron Mountain shipped the data cartridges using FedEx, there is a possible loss of control by IBM over the shipping policies. The liability of FedEx is limited to the shipping insurance (was it just the cost of the cartridges?), while the possible total cost of the incident could be much higher. Thus, it could have been more prudent for Iron Mountain to use more secure containers for the cartridges, and to use a chartered jet or have couriers accompany the cartridges. IBM should have put in place a special security policy regarding air shipping.

